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Amendments to the Claims 

Claim 1 . (currently amended) A machine readable medium that provides 
instructions, which when executed by at least one processor, cause said processor to perform 
Operations comprising: 

decrypting a pavload of a data block received ftom a protoeol-specific device: 

encrypting flie [[a]] payload of a data block of a data-stream with at least one key, before 
transmitting the data-stream from a first system to a second system, wherein the first system 
comprises a protected content exchange (PCX) module^ and wherein the second system 
comprises at least one application decoder module; 

replacing a portion of said payload with a tag that identifies an at least one decrypting key 
to said first system, before said transmitting; and 

setting a flag in a header of the data block that indicates that said payload has said tag, 
before said transmitting. 

Claim 2. (original) The meditun defined in claim 1 wherein said encrypting includes 
encrypting said portion of said payload. 

Claim 3 (currently amended) The medium defined in claim 1 wherein said tag 

includes one of: 

a data-stream identifier having sufficient information to access said at least one key, and 
a data-stream identifier having insufficient information to access said at least one key, and 
a source stream identifier, said source stream identifier comprising a source of said keys, and 
[[if]] Y^iciLnecessary to provide guqieient information to access said at least one key, a source of 
said portion of said payload. 

Claim 4. (previously presented) The medium defined in claim 1 wherein said 
operations further include 

receiving a transmission firom said second system that includes data indicating said tag; 

and 
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sending said keys, and if necessary, said portion of said payload, to said second system 
based on said transmission. 

Claim 5. (previously presented) The medium defined in claim 1 wherein said 
operations further include before setting said flag and encrypting said payload; said first system 

receiving a stream of data firom a third system wherein said data-stream is based on said 
stream of data, and whcrcm said third system is a source device. 

Claim 6. (currently amended) A machine readable medium that provides 
instructions> which when executed by at least one processor, cause said processor to perform 
operations comprising: 

after a fixed-length data block of a data-stream> the data block having both a payload 
including an encrypted data portion and at least one tag bits, and a header, is received by a second 
system, readii^ a flag in the header indicating that the data block has the tag bits, wherein a 
segment of the payload is removed by a transmitting first system when necessary to 
accommodate the at least one tag bit before the data block is received by the second system. 
^iierein the encrypted data portion comprises at least one data portion comprising an encrypted 
data block of a first decrypted data block, the first decrypted data block being a data block 
decrypted by the first system before transmission from the first system to the second system 

if the flag indicates that the data block has the tag bits, reading at least one bit identifying 
the data-stream in the tag bits; 

sending a datum fiom the second system to the transmitting first system indicating an 
identification of the read data-stream based on the at least one bit; 

the second system receiving fiom the first system a definition of a decrypting keys for the 
data-stream based on the datum sent firom the second system to the first system; and 

decrypting the data block in the second system based on the decrypting keys received by 
the second system. 
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Claim 1. (previously presented) The medium defined in claim 6 further including 
the second system receiving from the first system the removed segment of the pay load based on 
the datum sent from the second system to the first system. 

Claim 8. (previously presented) The medium defined in claim 7 further including 
the second system replacing the at least one tag bits in the payload with the removed segment of 
the payload, and if the removed segment of the payload is encrypted then decrypting includes 
decrypting the removed segment of the payload. 

Claim 9. (currently amended) A method comprising: 

a sending system replacing a portion of a decrypted data block payload with at least one 
tag bits that identify an at least one decrypting key; 

said sending system setting a flag in a header of said data block that indicates at least one 
of said payload is encrypted and said payload includes said tag; 

said sending system encrypting said payload with at least one key; and 

said sending system transmitting said data block to a receiving system after said setting a 
flag, said encrypting, and said replacing^ 

wherein the sending system comprises a protected content exchange (PCX) moduIe> and 
wherein the receiving system comprises at least one application decoder module. 

Claim 10. (original) The method defined in claim 9 wherein said encrypting includes 
encrypting said payload portion. 

Claim 1 1 . (currently amended) ITie method defined in claim 9 further including 
said sending system transferring a jSrst data characterized by: 
said at least one key to said receiving system; and 
if nocossaiy , s aid replaced payload iroition to said receiving system. 
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Claim 12. (origiiial) The method defined in claim 1 1 wherein said sending system 
transmitting said first data is based upon said receiving system transmitting to said sending 
system said tag bits. 

Claim 1 3. (previously presented) The method defined in claim 12 further including 

one of: 

(a) said sending system transmitting said replaced payload portion to said receiving 
system based upon said receiving system transmitting to said sending system said tag bits; and 
said receiving system replacing said tag bits with said replaced payload portion in response to 
receiving said replaced payload portion from said sending system^ and wherein said encrypting 
includes encrypting said replaced payload portion, and said decrypting includes decrypting said 
replaced payload portion; and 

(b) said sending system transmitting said replaced payload portion to said receiving 
system based upon said receiving system transmitting to said sending system a first datum that 
identifies a data^stream that includes said data block, and said receiving system replacing said 
payload portion in response to receiving said replaced payload portion from said sending system. 

Claim 14. (original) The method defined in claim 9 wherein said transmitting occurs 
via a shared memory unit. 

Claim 1 5. (original) The method defined in claim 9 \^rein 
said sending system and said receiving system are separate physical devices; 
said transmitting of said data block occurs on a first channel; and 
transmitting of non-data block data including at least otie of said key from said sending 
system to said receiving system, said payload pordon from said sending system to said receiving 
system, and a datum that identifies a data-stream that includes said data block, occurs on at least 
one separate second channel. 

Claim 16. (original) The method defined in claim 9 wherein said tag bits further 
identify a source of said keys in said sending system. 
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Claim 17. (currently amended) A method comprising: 

a receiving system of an encrypted data block that has a pay load and a header reading a 
set flag in a header of said data block; 

said receiving system readixig at least one tag bit in a payload portion of said data block in 
response to said reading said set flag; 

said receiving system sending a first datum to a sending system of said encrypted data 
block that identifies a data-stream that includes said data block based on said read tag bits; and 

said receiving system decrypting a payload data of said payload portion in respox:ise to 
receiving a decryption keys firom said sending system, 

wherein the sending system comprises a protected content exchange (PCX) module, the 
sending system to decrvpt an initial data bJock and to encrypt at least a twrtion of the decrypted 
initial data block prior to sending the encrypted data block that has a payload and header to the 
receiving system, and wherein the receiving system comprises at least one application decoder 
module. 

Claim 1 8. (original) The method defined in claim 1 7 wherein said tag bits have a source 
identifier in said sending system of said decryption keys, and further including said receiving 
system sending said source identifier to said sending system in response to said reading. 

Claim 1 9. (currently amended) A data safeguarding system for a data block sent 
from a first system to a second system including: 

a first system payload replacement circuit that replaces a portion of a payload of said data 
block with a tag data that indicates at least one decryption key for said data block in said first 
syste m, wherein the first system payload replacement circuit decrypts said payload prior to 
replacement of the, portion of the payload: 

a first system header flag setting circuit that sets a flag in a header of said data block 
when said data block includes said tag; 

a first system encryption circuit that encrypts said decrypted pavload using said at 
least one decryption key; and 
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a first system data-stream sending circuit that sends a data-stream that includes said data 
block to said second system after said header flag setting circuit sets said flag and said encryption 
circuit encrypts said pay load and said payload replacement circuit replaces said portion of a 
payload, wherein the first system comprises a protected content exchange (PCX) module, and 
wherein the second system comprises at least one application decoder module. 

Claim 20. (original) The system defined in claim 19 wherein said first system 
encryption circuit encrypts said portion of said payload. 

Claim 21. (currently amended) The system defined in claim 19 fiirther including 
a first system sending circuit that sends said at least one key to said secotui system, 
wherein the first system sending circuit send s^ if n e c e ssary, said portion of said payload 
to said second system. 

Claim 22. (original) The system defined in claim 21 wherein said first system sending 
circuit sending is based upon said first system receiving fit)m said second system a first datum 
that indicates at least one decryption key for said data block in said first system 

Claim 23. (previoxjsly presented) The system defined in claim 1 9, further including: 

a second system header flag reading circuit that reads said flag in said header; 

a second system tag data reading circuit that reads said tag data if said second system 
header flag reading circuit indicates that said flag includes said tag data; 

a second system data sending circuit that sends to said first system a datum that identifies 
said data-stream based on said tag data; and 

a second system decrypting circuit that decrypts said encrypted payload. 

Claim 24. (original) The system defined in claim 23 further including a first system key 
sending circuit that sends said at least one key to said second system* and wherein said second 
system deoypting circuit decrypts said data stream based on said at least one key. 
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Claim 25. (previously presented) The system defined in claim 23 further including 

a first system sending circxiit that sends said replaced portion of said pay load to said 
second system in response to receiving from said second system a datum that indicates said 
decryption keys in said first system 

said first circuit encryption circuit further encrypts said replaced portion of said payload; 

a second system payload replacement circuit that replaces said received tag data with said 
replaced portion of said payload; and 

said second system decrypting circuit further decrypts said replaced portion of said 
payload. 

Claim 26. (original) The system defined in claim 19 wherein at least one of: 
said sending occurs via a shared memory; and 

said fbrst system and said second system are separate physical devices; said sending of 
said data-stream occurs on a first channel; and sending non-<Jata-stream data including at least 
one of said at least one key, said portion of said payload, and said data-stream identifier occurs 
on a second channel. 

Claim 27. (original) The system defined in claim 23 wherein said tag data further has an 
identifier for accessing a first system unit that can send to said second system said keys. 

Claim 28. (currently amended) The system defined in claim 1 9 further including 
before said first circuit header flag setting circuit setting said flag and said first circuit encryption 
circuit encrypting said payload, a second circuit receiving circuit that can receive a stream of data 
from a third system wherein said data-stream is based on said stream of data, wherein said third 
system comprises a source devic e, and wherein a first data block of the received data stream is to 
be sent to a different one of the at least one application decoder module than a second data block 
of the received dat^ streant. 

Claim 29. (currently amended) A system for safeguarding a data block of a data- 
stream sent from a first system to a second system comprising: 
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a second system header flag reading circuit that reads a flag in a header of said data block; 

a second system tag data reading circuit that reads a data-stream identifier in a tag data of 
a payload portion of said block if said header flag reading circuit indicates that said flag includes 
said tag data; and 

a second system data sending circuit that sends to said first system a first datum that 
identifies said data-stream based on said data-stream identifier, 

wherein the fiist system comprises a protected content exchange (PCX) module, and 
wherein the second system comprises at least one application decoder modul e, the PCX module 
to decrypt an initial data block and to encrypt at least a portion of the decrypted initial data block 
prior to sending the encrypted data block that has a pavload and header to the at least one 
a pplication decoder module . 

Claim 30. (original) The system defined in claim 29 jfuithcr including a second system 
decrypting circuit that decrypts said data block. 

Claim 3 1 . (withdrawn) A method comprising: 

receiving a data stream from a somx^ device, by a sending system^ the data stream 
comprising a sequence of data blocks, wherein each data block comprises a header and a 
payload; 

the sending system negotiatixxg vrtth each of at least one application decoder to generate a 
session key shared between the sending system and the at least one application decoder, each 
session key to encrypt at least a decryption key; 

for each data block, encrypting a payload by the sending system, the payload 
corresponding to the each data block, the encryption using at least one key; 

the sending system storing a portion of the encrypted payload to be transmitted later to the 
application decoder, wherein the stored portion is one of an encrypted portion and an 
unencrypted portion; 

the sending system replacing the stored portion of the encrypted payload with a tag, the 
tag identifying the data stream and a source of the data stream; 
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the sending system setting a flag in a header of the data block corrcsponsing to the 
encrypted payload, the flag indicating that (a) at least one of said payload is encrypted and (b) 
said payload includes the tag; and 

transmitting by the sending system each of the data blocks to an appropriate one of the at 
least one application decoder. 

Claim 32. (withdrawn) The method as recited in claim 3 1 . wherein the sending 
system comprises a protected content exchange (PCX) module having at least one decryptor, a 
protocol specific registration engine, at least one encryptor, and a negotiator. 

Claim 33 . (withdrawn) The method as recited in claim 3 1 , wherein each of the at 
least one application decoders use a dififerent session key. 

Claim 34- (withdrawn) The method as recited in claim 3 1 , wherein the data stream 
identifier references an encryption key and the saved portion of the payload. 

Claim 35. (withdrawn) The method as recited in claim 31, wherein each of the data 
blocks is transmitted via a first transmission channel and negotiating is via at least one separate 
second transmission channel. 

Claim 36- (withdrawn) The method as recited in claim 35, wherein negotiating 
from said sending system to said receiving system, comprises transmitting of non-data block 
information including (a) at least one key selected from the group of session keys, encryption 
keys and decryption keys, (b) the portion of the encrypted payload to be transmitted later from 
the sending system to said receiving system, and (c) a datum that identifies a data-stream that 
includes the data block. 

Claim 37. (withdrawn) The method as recited in claim 3 1 , further comprising 
determining, for each data block, by a device specific driver, to which of the at least one 
^plication decoders the data block should be sent based on a protocol specific to the data block. 
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Claim 38. (withdrawn) A system for safeguarding protocol-specific data within a 
device, comprising; 

a first transmission channel to transmit at least one protocol specific encrypted data 

stream; 

at least one protected content exchange (PCX) device configured to translate the at least 
one protocol specific encrypted data stream into a PCX encrypted data stream; and 

at least one application decoder configured to decode the PCX encrypted data stream, the 
decoded PCX data stream comprising a plurality of data blocks each data block having a header 
and a payload, 

wherein the at least one PCX device comprises; 

at least one protocol specific registration engine configured to register the at least 
one application decoder, 

at least one negotiator configured to negotiate at least one device key for the at 
least one application decoder, the negotiator using a second transmission channel to 
communicate non-data block data between the PCX device and the at least one 
application decoder, 

at least one decryptor configured to decrypt the at least one protocol specific 
encrypted data stream, 

at least one encryptor configured to encrypt at least a portion of the decrypted data 
stream using the at least one device key to produce at least one re-encrypted data stream, 
a payload replacement module to replace a portion of a pay load of the data block 
with a tag data that indicates at least one decryption key for the data block in the PCX 
device, 

a header flag setting module that sets a flag in a header of the data block when the 
data block includes the tag, and 

a data-stream sending module that sends a data-stream, the data stream including 
the data block, to the at least one appUcation decoder after the header flag setting module 
sets the flag and the encryptor encrypts the data stream and the payload replacement 
module replaces the portion of a payload. 
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Claim 39. (new) A machine readable mediTim that provides instructions, which 
\^en executed by at least one processor, cause said processor to perfonn operations comprising; 

decrypting a data block received from a protocol-specific device; 

encrypting a portion of a payload of a data block of a data-stream with at least one key, 
before transmitting the data-stream from a first system to a second system; 

replacing the portion of said payload with a tag that identifies an at least one decrypting 
key to said first system, before said transmitting; and 

setting a flag in a header of the data block that indicates that said payload has said tag, 
before said transmitting. 

Claim 40. (new) The mediimi defined in claim 39 wherein said encrypting includes 
encrypting said entire payload, including the at least one decrypting key. 
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